Analysis and opinion by Christopher Soghoian, security and privacy researcher.

Saturday, October 28, 2006

FBI Visit #2

I didn't sleep at home last night. It's fair to say I was rather shaken up.

I came back today, to find the glass on the front door smashed.

Inside, is a rather ransacked home, a search warrant taped to my kitchen table, a total absence of computers - and various other important things. I have no idea what time they actually performed the search, but the warrant was approved at 2AM. I'm sincerely glad I wasn't in bed when they raided the house. That would have been even more scary.

I'm trying to maintain a semi-normal life. I have grad-student work to do - and a conference deadline of Nov 20th for a paper I'm working on.

Dude, they've got a job to do. They've got to protect the country. I don't know if you get this or not, but we're at war. The terrorists want to kill us, and you tried to help them. Do you want to see Americans die? You deserve to be thrown in jail, at the very least. You're a traitor; a modern day Benedict Arnold. In my opinion, you deserve to nothing less than execution.

Anonymous detractor above me must not realize that any terrorist worth his salt already knew this, and that this was only an attempt to call attention to the flaw so that it could be fixed before it was abused, or else is a shameful troll.

Note to anonymous detractor, in case not a trol: He is not trying to help people hijack airplanes. He is trying to call security holes to the attention of the public so that they will be fixed. The fact that this does not seem to have been fixed yet, but he has already been searched, leads me to believe that our governments priorities are somewhat out of order.

In any case, I trust the feds a little less every day. Good luck, man; don't let 'em get you down. I sent an angry message to Markey calling for a public apology, but I doubt you'll get it.

technically, it's TSA that's helping the terrorists, by wasting energy and effort on things that are easy to get around. Now, me, I don't want to see Kip Hawley, James Loy, or any of the rest executed for helping terrorists. I'd just like them fired, and replaced by people who focus on the job of protecting us and our airplanes.

"Dude, they've got a job to do. They've got to protect the country. I don't know if you get this or not, but we're at war. The terrorists want to kill us, and you tried to help them. Do you want to see Americans die? You deserve to be thrown in jail, at the very least. You're a traitor; a modern day Benedict Arnold. In my opinion, you deserve to nothing less than execution."

Ha ha ha ha, that guy was a douche.

I'm sure he still believes Iraq had weapons of mass distraction, and that America can do no wrong.

I'm more interested in the other things they may have taken from you. I mean, it was a shoe in they'd take the computer, but what else is gone?

Anyway, it should be noted, whenever you expose the Gov't sucking ass, they'll take what you used to show it. Airport security is a joke, and will continue to be so.

To me, you want to end people attacking us, figure out what they f'ing hate us so much and try to change that. I mean, hell, how long have we crapped on the people of the middle east? And now we're surprised they want revenge?

Keep fighting the good fight bud, and get a good lawyer. I bet you'll be getting some good offers soon.

You had to know this would happen. Tell us, did you even try to alert anyone to this prior to your stunt? You wanted your 15 minutes of fame and instead you'll probably get 15 years in prison. Not too bright.

Overstating the obvious, you need a lawyer ASAP, particularly if this gets referred to the US Attorney's office. If it does, and gets taken to a grand jury, you stand an excellent chance of being indicted on whatever they decide to charge you with. That does not judge your guilt or innocence on anything mind you, but it moves you from "target of an investigation" to "defendant." Not good.

As with state and county criminal courts, if you cannot afford an attorney you are entitled to representation by the federal public defenders office. I strongly suggest that you investigate this first thing Monday morning.

Wow! can you guess which poster above is the reactionary Republican moron who hasn't bothered to read the background of this ridiculous home invasion?

Definitely time to get the source code out as a bit torrent so we can get it up on as many sites as possible. Also time to rat out Senator Shumer (D-NY)as the original source of the idea. Check it out at http://www.senate.gov/~schumer/SchumerWebsite/pressroom/press_releases/2005/PR4123.aviationsecurity021305.html

well this is certainly the most interesting and frightening thing that could happen to me.

i think though that anonymizing tools in general are getting to be significantly useful and incredible, so that people will continue to speak their mind without these repercussions.

so no worries yet, except for this MAN himself and his new personal problems. but this just goes to show how important it is that we keep working on anonymizing networks and bring the tools to the mainstream.

when do you notice, that you and your organisation are out of control? You are there to protect freedom, democracy and free speech. Instead, you're harassing people who are in principle in your camp by pointing to security flaws.

You may want to give Jennifer Granick a call, she runs the Center for Internet and Society out of Stanford. She's run Internet-specific defence cases before. Not sure if this would fall under her realm or not - but it couldn't hurt to get in touch with her.

"You had to know this would happen. Tell us, did you even try to alert anyone to this prior to your stunt? You wanted your 15 minutes of fame and instead you'll probably get 15 years in prison. Not too bright."

The loop-hole had already been found, and brought to the intention of the authorities. They did nothing. Chris' actions have publicised the hole so that it will be fixed, and so protected the country from these terrorists (who most likely knew about this anyway). But I know that the people who think this way won't listen to reason, and will continue to blame people Chris for America's gaping problems.

I know that you may be up to your ears in referrals by now, and I agree that the ACLU and the EFF could be great resources, but I just want to make sure you also know that, at the more local level, you might want to let the folks at the Bloomington Peace Action Coalition know that you're looking for a lawyer, and you would also probably be able to find support at the Unitarian Universalist Church of Bloomington, if you're looking for ways to spread the word and/or raise money in B-town.

If you want more direct help, give me a shout. I would be more than happy to send some emails and help with the lawyer search, if it's still on.

Sorry that we passed like ships in the waters of the Informatics building, man, but it's been nice getting to know you a bit via Planet Info, and I wish you the best of luck.

Wow... I found your blog by clicking that little "next blog" link on blogger... good grief. At first I thought all this was a hoax blog, but it sure sounds like it's really happening to you... totally sucks. I wish you the best.

Man, they knew since 2003 about that (and probably other) flaw(s) and cared shit to fix it/them.

Now the security flaws got more widespread public attention! Think of it; you pay a lot of money for a flight, so you should get a minimum of security in return.

Think of Sony's Rootkit and busted Kryptonite locks: A handful of crybabies - no chance the suits will change something. But spread over the net, they HAVE to do something (and searching people's homes in the middle of the night is not the solution)

All this "War on Terror" is only bringing it further into being. Mother Teresa said something along the lines of this, "Don't bother inviting me to an anit-war rally, but I'll be the first to attend if you have a peace rally."

Well its offical, your marked man. Someone as intelligent as you should get out of the country even if this stuff isnt going down. Finish your schooling and get the hell out of there, move up to the nice friendly country of Canada. You'll fit in fine :p

I am assuming that this University does teach some common sense.If there are security concerns with software, it is submitted to the owners privately. Not posted on the Internet, and told to have fun with it.Do not mean to rain on your parade, but this is not a contest of the First Amendment, but a valuable lesson in stupidity. I am sure that you will make a lovely professor with teaching these kinds of things to your studends.

They broke your window? Those assholes. I can list 10 ways off the top off my head they could have made entry with less property damage that I'm sure they are aware and capable of. Their ability to differentiate between a naive college student and a potential terrorist is also confidence-ensuringly sharp. With a potential terrorist their actions are almost reasonable, for an example case prosecution of a naive college student they are way over the top. All that would be called for in that case is taking your hard drive.

Crazy, but it's just another sad day to be an American. We're supposed to be a nation of laws, but we're really a nation of a vast, out-of-control government. We're being screwed every single day, but most Americans are too blind to see it. We're well beyond voting away this nonsense, and that's been the case for at least 50 years. For those who think its just Bush, you're wrong, it's the whole damn system.

Heaven forbid that you say the emperor has no clothes. They'll come ransack your apartment and threaten to arrest you.

They're just after you because you publicly demonstrated the fact that 5 years after 9/11, we are no safer now than we were back then. All the work the TSA, Homeland Security, the President, and the Republican party has put towards security has done nothing. While we secure our airplanes against toothpaste, shampoo, apple juice, and other liquids in excess of 4 ounces, they did absolutely nothing about fake boarding passes and the ability those gave terrorists to get past security.

Hopefully, people see the ineptitude of the Republicans and their cronies and vote the lot of them out of office.

Not only did he inform the TSA, so did a Senator almost a year ago. [See http://www.senate.gov/~schumer/SchumerWebsite/pressroom/press_releases/2005/PR4123.aviationsecurity021305.html ]It's clear that they won't change the policy unless someone does something about it. So either wait for a terrorist attack, or bring the flaws to public attention. I don't know about you, but I'd rather be informed before an attack.And best of luck to you Chris. I think you should be rewarded for bringing this security flaw that has existed for so long into the public eye.

I believe that this sort of “testing” should actually be encouraged. It’s how security firms create better products and systems, by having hacker’s test them and try bypassing them. It’s raw and it works. The only thing the FBI should be “investigating” is ways to make it more difficult to make fake boarding passes, and Christopher Soghoian should be praised.

haha, i was like damn this dude got on slashdot with some insignificant script, i should be doing that shit. but like um no, i'm cool with being in jail.

to be honest, i would have tried to contact private parties about seeing that the problem gets fixed, rather than going on slashdot with it.

there is a tension between getting through the airport without being harassed and flying securely. if you know of some harassment-free method to fly securely, you should publish it somewhere.

when airlines relax toward "less harassment", security lowers, and anyone can sit around and find holes in the system, and we all know it's not fully secure -- you'd be a fool to expect that if some terrorist really wanted to fly, he could not.

so i'd say you made a mistake. sure, it's not a mistake "logically" given a particular interpretation of law, but only socially unintelligent person would deem what you did to be "right" in a meaningful way.

The first search warrant is always the toughest. Believe it or not, the cops are usually more scared than you. Don't feel bad. My house was surrounded by dozens of armed deputies just for using bad language on the phone. I ended up getting away with it.I'm glad they didn't learn that my dogs have drivers' licenses in three states and that those Jack In The Box coupons were fake.

Wow, I feel sorry for you. Here you are trying to show a security hole (although something more discrete would have been better) and they search your house and take your stuff. It's nuts the way the world is today

There was no reason they had to serve this warrant in the middle of the damn night. There was no indication that the subject of warrant was violent or would have resisted in any way. It's stunts like this that get cops killed.

Is a php-script really worth scaring a home owner and risking a gun fight at 2 a.m.?

It's reasons like these why I hate most cops and just about all Federal agents.

I'm still confused as to what law you actually broke... and am wondering about over-zealous federal law enforcement agents... and, yes, gentlemen & ladies, you can come knocking at my door, if you'd like...

In the mean time, do contact the ACLU and EFF...

And keep blogging... remember that transparency is a bedrock for democracy...

So this is what the 'best and brightest' do in their spare time? THIS is what academia is turning out? Hackers and subversives trying to scam the system instead of making meaningful contributions to society? As Jay Leno would say, 'you IDIOT!' I hope they put you away. Charge: YOU'RE AN IDIOT!!!

Shame what happened did, If you had only stamped "EXAMPLE" across the middle of the image using the GD library, none of this would have happened and it still would have been brought to their attention.

this is ridiculous - the gov. knew about the loophole over 1 and a half years ago, yet they are trying to cover it up by harassing college students instead of fixing it. they are not trying to protect the country, they are protecting their jobs or wasting taxpayers $. i hope you get a lot of $ from a countersuit or something.

If Christopher Soghoian's website and many, many other media outlets are to be believed, and you need to check your priorities for calling for his arrest. Granted, he published on his website a way to generate fake boarding passes, but he did so in order to point out the gaping hole in TSAs secutiry processes.

Surely, you would encourge the public to point out obvioius holes in policy, laws, or other societal "rules" you and other elected officials are responsible for sheparding. I realize you probably object to the manner in which he points out the flaws in TSAs efficacy, but this very same issue has been pointed out many other times more discretely for years - incluuding by Senator Schuman of New York.

Sometimes when the message is not heard, one needs to stand on a table and shout it, thereby ensuring it is received. Point of proof.....you heard it this time!

Now you want to punish someone for 'shouting'..that's one reasonable definition of the internet, right...a public "soapbox". Shame on you.

Please, please, please....spend your time fixing the underlying problem, not 'shooting the messenger'.

Boarding pass and ID checks do not provide flight security. The government can't even focus on keeping "guns and bombs" off the plane properly. Instead they obsess over checking papers and identification documents while waging a war on liquids at airports and banning dangerous water and tubes of toothpaste. The lunatics are running the asylum.

Chris, I love the idea of getting the code out... or perhaps someone was smart enough catch it before it went bye-bye...

There's a little voice in my head saying, "If the feds had only left well enough alone, this whole thing would'a blown over... Now they've made sure everyone in the world knows about it." Hell, I'm even willing to bet that you'll be on Wait Wait on the next show.

And to the federal agents who are reading this, you can refer my insolence to my friends over at the Norfolk Joint Terrorism Task Force; they've been to my house before, so I'm pretty sure they can find me again. ;-)

Good luck. No jury on the planet would ever convict you, hopefully you won't be charged with anything. You're a whistle blower. But the Oval Office and Congress don't like to be exposed as what they are... corrupt & incompetent. So they send their dogs to scare you, as a message to the rest of us "Citizens", "Shut your fucking mouth, don't critisize your Goverment or we will fuck your life up!" And if you have any doubt about whether this was a blatant scare tactic and a complete abuse of Federal Goverment Power, here's a simply question, "Why do this in the middle of the fucking night to a Phd Student? An Academic!"

In "America" Citizenship no longer entitles you to a trial by a jury of your peers(hey that citizen is an enemy combatant) or limits you being held without a charge. And now, The president can declare martial law ,nullifying some of the most important protections in the constitution againts using the fucking Army against Americans!

Why?

Because the Republicans are pussies that are scared of terrorists ... and are willing to give up the whole point of America, freedom. The purpose of starting America was NOT to be safe it was to be fucking "FREE".

The Republicans failed at protecting the borders (incredibly simple) and failed in airport security.. (all the luggage isn't scanned) .. and they want to punish anyone who points that failure out.. like you. You're making the President and Congress look really stupid and incompetent, that's why the FBI is storming into your house in the middle of the night.

When the Democrats have the Oval office and Congress .. hopefully we'll return to some semblance of Freedom again.

To the anonymous clown that posted "You're a traitor; a modern day Benedict Arnold. In my opinion, you deserve to nothing less than execution." ,I say get your ass out on the front line like the Marines I served with. I was there the first time when a bush couldn't get the job done. I got out because I did not believe the corrupt govt of the US was interested in her people, but only the financial interests of the chosen few. I guess you believe Iraq had WMD's too. Chris only showed how stupid these so-called protective measures are. You need to get your lazy ass back to IM'ing Mark Foley. The supposed security measures are just like gun registration and locks, only serve to keep honest people honest.

I can't see how pointing out a securty flaw is breaking the law. However there was a mindless idiot political guy that did call for your arrest. So I look at this matter as purly political. The good news that the guy who called for your arrest is going to be out of a job on the 7th of November.

To the idiot who wrote we are "at war”, you watch too much fucking TV. We are not "at war" with terrorists, American is a war with itself, the media in particular. A person is more likely to be shot by a police officer or die of the flu then by terrorism. I hate this ridiculous media-blackout society that we live in. Media and lobbyists will kill of the U.S.A, not terrorists.

I can't believe there's people blaming Chris for this. He made a "generator" that is about as difficult as sending an email for most Computer Programmers. The security issue is the fact that airport security actually accepts (EXTREMELY EASILY MODIFIABLE) computer printouts as boarding passes!

But its worth noting - Bush did not create the concept of lawfully executed Search Warrants.

Wow... the terrorists in the FBI are at it again... trying to kill Democracy by silencing all conversations that don't agree with the party line.This is sure proof the terrorists have won... and the country is doomed.--Mike--

Email I just sent to Congressman Markey: Do you really think going after grad students for pointing out the government's shortcomings in homeland security is going to help prevent terrorism? The webpage posted by Chris to create boarding passes while probably the wrong way to go about proving his point is being met with a completely idiotic response iniated by you and carried out by the FBI that shows the government really has no idea or no desire to protect us from real threats instead go after easy targets to make it seem like something is being done. Please do what you can to make things right and stop punishing Chris. Also if you have any response to this please do not have it be a form letter because that would be almost as insulting as your complete lack of compentence at identifying real security threats.

1. Meet your elderly grandparents at the gate2. 'Upgrade' yourself once on the airplane - by printing another boarding pass for a ticket you're already purchased, only this time, in Business Class.3. Demonstrate that the TSA Boarding Pass/ID check is useless.

Have fun!>>>>>

I think there is a big difference between demonstrating a hole in our nation's security, and giving others who might not have the technical knowledge that you do(including potential terrorists) the ability to exploit that hole.

What you did was wrong, but what you meant was right. I know your intentions were good, but this will probably end up being a lesson to others that intent does not always equal the result.

I know others here have claimed without your generator that this hole would have never been fixed, but I completely disagree.

There are so many other ways this could have been done with better results for you and our government. You could have gotten the same amount of coverage if you had alerted the press and would be having less sleepless nights.

I could have seen myself doing something this stupid when I was younger and I hope you make it through this fine.

I would suggest that your first course of action would be to admit that you were wrong, but state your intentions to a judge. My guess is that your inevitable sentence will be lighter, and that you will be able to finish grad school on time.

Intent will mean a lot to a judge if you admit that you are wrong. (which you are)

Overall, I think you're a good person, just a bit naive as we all have been at one time or another in our lives.

Listen, I understand you did this with good intentions, but would you teach your kid that a gun was dangerous by leaving a loaded weapon on the kitchen table? You publishing this script is nothing short of idiotic and in this day and age you deserve anything you have coming to you. Seriously, for a grad student, you're pretty freaking stupid. This will be fun to watch.

To those talking about anonymizing networks... this idiot had his whole bio posted on the web.

Get a refund from your university dude, you need to work on your street smarts first.

You think you're helping the world by doing this and you're a martyr? You're not. You're a frigging idiot. The end result of your experiment is that we won't be able to print out boarding passes in advance of our flights. Thanks for taking away the one slight convenience that has been added to travelling since 9/11. You are a moron.

Why is it that some are intentionally stupid? Seriously, why? If you have a PHd, why the stupidity?

You're posting stuff that can get people killed, similar to handing them bombs ready to go off, only in this case, you're handing them the boarding pass rather than the bomb. They need both, you're handing them one of the items needed to kill people.

That's DUMB.

You might be smart in a few select areas, but you're DUMB otherwise in not being able to see wrong from right and act accordingly.

The FBI's doing their job, I applaud their efforts and hope you'll grow up mentally and get some broader intelligence so you can see why what you've done is wrong.

Your peers cheering you on... dumb.

Grow up guy, you better hurry too, it's all gonna collapse around you if you don't.

I'm really sorry for you, it is clear that the one "land of freedom" America is not the land of dictatorship.Unfortunately this is what happens when you let a serial killer, religious zealot, war criminal, become president.

Your country is now straight on the path that will bring it to where Germany was in 1930/1940, your freedom is vanishing so fast that when you will realize how far this all went it will be too late to do anything about it.

Keep in mind the wise words of Franklin: "who gives up essential liberties for temporary security does not deserve liberty nor security".

Please do realize, now that _maybe_ you are still in time (even though i doubt it already), that whoever uses the fear against you, whoever uses the fear to gain special powers, whoever uses the excuse of terrorism/pedophiles/whatever to control you and to remove your freedom is NOT someone to be trusted, it is just a smart common criminal who wants to make your "land of freedom" into a "land of slavery"... it is just the enemy number one of democracy and of freedom and so should be judged and sent to jail for the rest of his life.

I wish you all the possible luck in this case and i hope you will get out of this with the less possible damage.

The terrorists have already won, your president gave them his full support in this.

I'm very sorry for you and the USA, you just did something RIGHT in order to enhace security and the dictatorship is going to make an example of you.

I hope american people will soon realize that you are in a dictatorship, and that democrats are the same as republicans, so you the people could take the power back to the people. But i think that it won't happen.

As for costs to fight this, unless it escalates don't worry. They are only investigating and they haven't filed an indictment. You don't have to answer any of their questions, which is probably best. And once they do, you'll still be given time to find a lawyer, and hopefully one that will do it for the press coverage. Good luck.

I think that the person who gave the order to search Chris's home has made a terrible mistake.

I know that there are some people who are embarrassed to admit that there are serious flaws with airline security policies and that those people may be afraid of censure or losing their jobs if those flaws become more widely known.

When we are embarrassed it is very easy to feel angry with someone who talks about the reason why we are embarrassed and it is also easy to think of them as an enemy.

However, don't you think that it would perhaps have been better to work with Chris (or the many other people who have pointed it out) on fixing this problem rather than creating a situation where you are now being seen as caring more about shooting the messenger than using the message to do your jobs better ?

"College students are often sheltered from the realities of the world. More so in liberal colleges."

Americans are often sheltered from the realities of the world. This is a clear case of only worrying about a major problem when it threatens the reputation of important people. I find it typical of government and big business everywhere, but even more so in the USA at the moment.

Don't be fooled. There are probably thousands of people capable of doing what Chris did. The ones who didn't do this fall into four categories:

(1) quietly informed the authorites and were ignored.

(2) kept quiet because they wanted to make use of it for illicit purposes.

(3) don't care enough to do anything.

(4) kept quiet because they have even better ways of striking at your country.

You should be glad Chris isn't any of the above. If you don't understand why, well, try reading this again in 10 years time when your country becomes a police state, or is reduced to rubble by some terrorist weapon.

This is unbelievable. I figured this loophole out the first time I printed a boarding pass online. And I certainly am not the only one. Of course I never exploited it myself or created a script to automate it, but it would be trivial for any terrorist to do it.

Considering that terrorist organizations use the Internet as one of their primary ways of communicating with the public, it would be daft to suggest that they hadn't figured this out by now.

You have a huge body of support behind you, but most importantly you have Truth. Use it well. It is a sad state of affairs in the US at the moment, Americans should be grateful someone is on their side helping progress. Security through obscurity never works, many eyes make all security holes shallow (to paraphrase Linus Torvalds). Best of luck to you, keep us updated, we'll keep you on Slashdot and other news sites. Use the media as much as possible, and to everyone else let's make sure this issue is kept in the spotlight until it is resolved.

so you make a fake boarding pass you still go through security right whats the problem If you make it through security with stuff needed for a highjack than security did not do their job.I hate not being able to go to the gate and wait for relitives getting off or look at the planes anymore.what the hell would you do at the gate for craps sake.not being able to go the gate is dumb noone is going to try something at the fucking gate.

It's sad to see a once-free country implode like this. I'm glad I don't live in the US - in fact I won't even consider going there until it undergoes a regime change. At least there are a few brave people left, here's hoping Chris (and others!) won't be crushed by the Orwellian system put in place by the fearful masses.

Hey, haters. You're not half as wise as you think you are. It's long known that in information science, "security through obscurity" is never working. It's a slow and unreliable way to deal with security. Thank you for trying to sound smart. The guy who runs this blog did a Good Thing.

There is no doubt that the flaws in the TSA system need to be corrected. This has been known for a few years now.

What everyone seems to be missing is that it's possible to point out the flaws in the system without breaking the law.

What Chris did was illegal on several levels.

1) The content he took from the NWA website was copyrighted. That's people's exhibit the first. The modifications he made do not constitute a separate work.

2) He misappropriated the NWA trademark. That's people's exhibit the second. When the FBI is done with him, NWA might have a bone to pick.

3) By creating the page, and explaining the ways to use it--even implicitly urging its use--he becomes liable for conspiracy to commit and aiding and abetting a felony. (Does anyone remember that it's against Federal regulations for non-ticketed passengers to be on the gate side of the TSA checkpoint?) It even says so in the search warrant. These facts are people's exhibit the third.

4) Both the blog and the now-missing page contain instructions on how to steal service from the airlines, to wit, "upgrading" one's boarding document to First or Business class. It would never have worked, which only demonstrates that Chris didn't really know what he was talking about. This, again, is conspiracy to commit, and accessory before the fact. These facts are people's exhibit the fourth.

What exactly did he think would happen? It isn't about intentions--although the intentions were clear enough in the page, and in the blog: "Go meet your grandparents at the gate." Translated: violate Federal regulations for your own personal convenience.

Good intentions or otherwise, if you put a gun in the hands of a child and the child shoots someone, you are as liable--if not more--for the shooting than the child. (The question of legal liability is without doubt.) If someone has used the output of the BP generator to get past the TSA checkpoint, then Chris is automatically an accessory to the crime. Had someone used a false boarding document to get past the checkpoint and commit some sort of mayhem, injuring people and damaging airport property, would anyone be discussing intentions? (You can't excuse it by saying, "Well, nothing happened." Absence of incident is not absence of probability or possibility. There could still be altered documents floating around out there since the page allowed one to create documents for future dates.)

Regardless of whether you're a conservative or a liberal (and I see a lot of liberals here), the concept of breaking the law is independent of political leanings. We are first a nation of laws, not of persons.

I don't know if I agree with the current regulations or not--I have no problem complaining that the TSA procedures are inadequate--but I'm old enough and wise enough to know that one must deal with the world as it is, not how one wishes it to be. The laws and regs can be changed, and maybe must be changed, but right now Chris has to deal with the fallout of what was, frankly, a stupid mistake. He did the right thing in a very wrong way.

I don't know if anyone remembers, but on September 11th, 2001, Arab terrorists misused the airlines to crash two planes into the World Trade Centers, and one plane into the Pentagon. A fourth plane ended up in a field in Pennsylvania, where my brother-in-law was one of the first responders to the scene. (He doesn't talk about what he saw that day. Care to imagine for a minute what it must have been like?) On Wednesday, October 25th, 2006, for a couple of days following, Chris S. made it much more easy for a similar set of circumstances to occur again.

Bravo to the Anonymous poster at 5:40 AM. I couldn't have said it better myself.

It's unfortunate that Chris had to learn this lesson the hard way. It's equally unfortunate that so many people here goad him on (I think they *really* see this as an opportunity to make Chris a martyr for more partisan bashing).

Chris -- was that your intention? To become a martyr? Or are you just stupid?

This is absolutely insane! Thank god I no longer live in the United Police States of America. Watch out, soon the US of A is going to be a larger human rights abuser than China is. Scary times. I hope Americans everywhere have more sense now than they did in 2004. Impeach Bush!

I would like to point out that the FBI executed the raid at a time and under abnormal business conditions against a citizen who had known locations, known patterns of behavior and no known reason to do anything other than present the warrant in normal hours under normal conditions.

This was a terrorist act by the FBI! It clearly was intended and structured to deny the party involved even the ability to seek legal redress. It was completely done in a fashion to send a message of terror.

The American People need to wake up. The Bush Administration is 100% out of control. They will not serve a warrant on an Illegal Alien. They will not serve warrants on drug pushers even with demands of the citizens. I called the FBI myself to report a Crack and Meth operation next door. I offered my house as a base for clandestine operations. They would not do anything.

You are a real patriot for trying to do your effort to get security up and working. The Bush guys are threatened by such efforts because it is obvious. Any effort that is made to secure this country in reality is blocked by the Bush team. They are opposed to securing the country because if they did the trillions of US Dollars they are stealing would not be able to be shaken out of the hands of taxpayers. It is a super mafia shakedown racket that is going on. I am just sad you ran into it.

For those out there who cannot figure this out. People rarely speak strongly against that which they support. Conversely People rarely strongly oppose that which they support.

Re: The argument that Chris was wrong to break the law to make a point.

The counter argument is:

. Law do not exist in a vacuum.

. Laws have to be measured relative to the goal of the legal system.

. The goal of the legal system is ?

. That's right. The goal of the legal system is to create a better society than the one that exists when we do not have a system of law in place.

. Now, if an action was taken with the intent of highlighting a danger to society. (And said action certainly succeeded) my question is...

"If the legal system and this action both have the goal of creating a better society - does the fault lie with:

a) The legal systemb) The actionc) The lack of any accountability whatsoever on the part of the agency that set up the insecure system in the first place ?"

The actions of chaps like Gandhi are admirable _precisely_ because they challenge the actions of folk who are harming society and using the legal system as a shield for the hurt they do and the damage they cause.

I am a white South African who grew up during the apartheid years and it was a damn common sight to see grown men cowering and copping out of their responsibility to stand up to bullies with the words:

"I did not challenge the bully because I have learnt to deal with the world as it is, and not how I wish it to be"

The only thing that creates the oh-so-fashionable environment of modern moral relativity is cowardice.

When you start justifying your own cowardice the only person you have fooled is yourself.

Chris is fighting for your freedom and he is doing it without drawing a gun, without intimidating anyone with a show of paramilitary force and - most of all - with the voice of reason instead of the voice of fear.

Bush and his entire administration needs to be ousted and executed publicly. I'd definitely be there cheering and having a good time. America is rapidly approaching something straight out of the book 1984. It's frightening.

First time in a long time I have written members of the Senate and Congress, but I wrote both of them today after I read the story... Sometimes I can't believe this kind of thing happens in our country, it's a shame that our rights and liberties are being removed a little piece at a time. So slowly, most people don't see it.. And all in the name of (War on Terror). Bahh pftt..

Find yourself a lawyer, and explore the options that should exist under the Whistleblower Protection Act, http://thomas.loc.gov/cgi-bin/query/z?c101:S.20.ENR:http://en.wikipedia.org/wiki/WhistleblowerSure, it might be a stretch, but in this case, having a blog might protect you under "media and journalism"...again, I know it is a stretch...But this law should apply when you consider that we have been told how safe we are and all the new security measures taken...that aren't secure. This is a waste of federal tax dollars, at the minimum, and a gross negligence, at the maximum.

I'm sad this has happened to you, if I where a Lawyer I'd be flying out to defend you, alas I'm not. I hope you find someone to help you. I hope the code for your generator gets out into the wild, rest assured it will end up on every single off shore server in existence.

I would like to preface this comment with the fact that I'm no Bush supporter. I agree that you have every right to point out the security loophole, but it was wrong to create the automated boarding pass generator.

Something that people with a lot of education usually fail to realize is that most people do not have nearly enough intelligence to figure out things like this for themselves.

You said it yourself - the basic html was beyond the grasp of most people, so you made it easier by creating a script to generate the pass.

You could use similar reasoning to distribute any state secret. "After all, we figured out [bio-weapons, nuclear weapons, etc.], so anyone could, right???"

I don't think you should go to jail, but you should be sentenced to getting a clue.

I might also suggest that you bring a civil suit against NWA and/or TSA to show that the security loophole is their problem. Making it more expensive for them to not fix the loophole is the only way it will ever be fixed.

Instead of trying to scare you, they should have offered you a job. I don't think you should have posted the script online, but I respect your decision to do so. It seems like you only had good intentions. I'm sure if the FBI or DHS called you and asked you to remove the site, you would have.

We really need to start going after terrorists who are trying to kill us and closing the security gaps in our country. Perhaps you should have called the Govt and informed them of just how easy this was.

I have always been a supporter of President Bush, but this is scary. Best of luck!

"if you put a gun in the hands of a child and the child shoots someone, you are as liable--if not more--for the shooting than the child."

Unless, of course, you are the corporation that made the gun, in which case you have no culpability for whatever stupid things people choose to do with it.

This tool could make a gun. It doesn't put it in anyone's hand, and it sure as shit doesn't pull the trigger.

The only way Chris could be held accountable for this is with a simultaneous cold-shoulder from policy makers w.r.t. the gaping security hole identified by his script. That refusal to respond to actual security issues points us to the real modern-day Benedict Arnolds.

TO ALL: I've contacted my Sentator and shortly I'll be contacting my congressman. Thankfully it is not Schumer. I strongly recommend firing off emails to your representatives expressing your displeasure. Remember be polite or the jackbooted thugs will trash your house next. For any persons living in NY I strongly recommend contacting Charles E. Schumer direct as he IS one of your representatives and he is the guy who called for Chris's arrest!

Once you win (and there is no way they can charge you with making said information public) sue the bastards for wrongful harassment (and yes... they have been harassing you) - I'm sure you can get at least $10 million for this.

Bush and his entire administration needs to be ousted and executed publicly. I'd definitely be there cheering and having a good time. America is rapidly approaching something straight out of the book 1984. It's frightening.

7:44 AM

Have the Secret Service men shown up at your humble abode yet? You might enjoy the Q/A session with those guys.

Chris imagines the "full disclosure" ethos that is so often valid and effective for computer and network security is appropriate for evaluating the security of critical public infrastructure. This assumption is incorrect and irresponsible.

"The only way for these kind of problems to get fixed, are through through public full disclosure. TSA/DHS cannot be expected to fix anything unless they are publicly shamed into doing so." - Chris

First , it should be noted that "full disclosure" is not what Chris did. "Full disclosure" is what Schumer and Slate.com did in a completely public forum many months ago. They posted details on specific security problems with TSA's check in and boarding protocols. Chris did something different - he posted a proof of concept exploit along with specific suggestions about how this exploit might should be used :" meet your parents at the gate " -Chris

Now , in the IT security community a proof of concept exploit often accompanies a 3rd party vulnerability disclosure, but before a responsible security expert releases a proof of concept exploit, the vendor of the vulnerable system is contacted and warned and then given the opportunity to address the security hole before vulnerability and exploit are made public.

In the best case scenario the threat of Full Disclosure works, the fear of "public shaming" and customer dissatisfaction motivates the vendor to fix the security hole.

In the next best case, when a vendor is unresponsive and does not address the vulnerability, the security expert discloses the vulnerability and the vendor fixes the problem.

In the worst case, when the vendor does not fix the problem even when the vulnerability is public, the security expert might release the proof of concept exploit to "shame" and force the vendor to address it.

This is what Chris attempted. He posted a php script to generate a fake boarding pass. It is a step beyond full disclosure, a tool was provided to exploit a security vulnerability in TWA's procedures. Proof of concept exploits are arguably appropriate for addressing worst case scenarios in IT security contexts - they are completely irresponsible and dangerous for addressing airport security issues.

Why?

1. TSA is not Microsoft, not a software vendor, TSA is a huge, a 45,000 employee bureaucracy subordinate to DHS and under the regulatory control of the U.S. congress. TSA cannot be expected to respond quickly to public shaming in the form of proof of concept exploit.

2. People's lives are at stake. If someone runs a proof of concept exploit and attack s some vulnerability in windows 2000 servers, maybe some customers are denied service, maybe someone's credit card info is stolen. If a terrorist uses Chris's generator and boards a plane, people die.

My overriding question is really: Who does Chris think he is? Where does he think he is? This is the U.S. post 9/11 and I, for one, am glad that not all of the energy of DHS and the FBI is going into racially profiling middle easterners. The egregiously irresponsible deserve to be prosecuted when they endanger the rest of us even when they are white and privileged.

I wish Chris the best, hopefully he will emerge from this a little wiser.

Hang in there Chris. Don't worry you haven't done anything wrong. What is happening to you is absolutely ridiculous. US govt is the most fucked up govt in the world. They punish innocent and scare bright students like you. I hope they understand that breaking your windows and ransacking your house and trying to scare you is not going to make AMERICA more SAFE. bastards....

Obviously, the generator is the crux of the problem. The government isn't trying to silence those who point out flaws in airline security; they left Chris's posts explaining how to exploit the loophole. What they did was target the generator, which would make it easier for people to produce fabricated boarding passes. The crime here is not whistleblowing. The crime is aiding the subversion of our nation's security.

Granted, that's a pretty dramatic way of saying it. How much can a kiddy script do? Taking that into account, the FBI's response was nothing short of paranoic, and conducting the search at 2 A.M. seems quite unreasonable. But you never know... Somebody else already pointed this out, but I think too many of us have this crazy fantasy of being just and righteous heroes oppressed by a dictatorial leadership. That's not the way it is. The government is there to help us. Is it so surprising that it, too, is afraid?

Chris:I'm sure the IP and comments of any and all posters to this particular forum are now being logged by the FBI, NSA, and others; therefore, the term "anonymous" really has no meaning as far as we're all concerned.Know that there are others in your country who share your concerns; know that we do not trust our so-called "government" to keep us safe, and know that, unlike many other "anonymous" posters, I only want to see good things happen for you.Yet Another "Anonymous" Poster.

Please point me in the direction of a better government. North Korea perhaps? Or is the the statement missing the following "except for all of the others?"

They punish innocent and scare bright students like you.

Yes US prisons hold tens of thousands of the best and brightest students the US has ever had.

I hope they understand that breaking your windows and ransacking your house and trying to scare you is not going to make AMERICA more SAFE. bastards....

No, what they attempted to do was to stop terminal stupidity. A college educated person might be incredibly intelligent but have zero common sense. That combination has proved fatal on occasion more than once in the past.

Look. I feel sorry for you, but what you did was stupid. Look up Randal Schwartz to see a similar example where someone was trying to point out security flaws by violating security, and is now a convicted felon.

Maybe you didn't actually violate security, or even break a law. But if not, you came damned close, and you should have consulted a lawyer before you put it up in the first place.

I agree with almost everything you've said about airline security. But it was still stupid to do what you did.

As to the guy who said you're a "Benedict Arnold," yes, that's dumb, but so are the people who are comparing the U.S. to Hitler's Germany. As usual, the truth is in between. Far in between.

Also, note people, that the Congressman who called for the arrest is a Democrat, a huge Bush critic on the war on terror, homeland security, the Patriot Act, and just about everything else. For those of us familiar with Ed Markey, we know very well that this is not a Republican-Democrat thing, this is not about Bush's New World Order. This is about a legitimate concern that this boarding pass generator was going to compromise airline security, and belief that it was a violation of federal law.

There have been many ridiculous violations of law in investigating computer programmers. Chip Salzenberg's rights have been entirely trampled, and he is not alone. But I am not convinced at all that you're in the legal right here -- or that you should be -- even if you were right in your statements and intentions.

Maybe your lawyer, who (unlike the rest of us) knows the law well, will find differently.

Taking down Chris Soghoian's website does nothing for security. Any non-idiot, terrorist or otherwise, can still manufacture a boarding pass easily enough just by using the site the federal government did not take down. That site being www.nwa.com .

The lunatics running the security asylum need to realize that ID and boarding pass checks at airports don't provide meaningful security and are a waste of resources. (Checking passengers, their belongings, and cargo provides flight security. Checking ID and boarding passes doesn't.)

Amazingly the TSA officials finally got it right for once. The TSA says this is not a threat since everyone going through the airport security checkpoint -- fake boarding pass or not -- is checked. And, ladies and gentlemen, they are right. Let's scrap the ID checks and leave the boarding pass checks to the airlines, and we'll be no worse off than already.

It's truly tiring and saddening to read the commentary in this thread.

It's time to evolve, people. Many of us are largely capable of reacting to facts and critical thought and discussion, instead of thinking with our emotions and assumptions.

The act of searching and siezing this man's posessions in the manner they did is unecessary. It wouldn't take much to investigate him and his motives and come to the conclusion that he didn't have bad intentions. Quite the contrary, and he should be treated as such.

Those who would repeat the tired assertion that we are at war, and therefore the government is always in the right, need to step back and realize that such extremism is, on a level, no better than that which fuels suicide bombers. Not to mention, that it is a very arguable fact that we started this war. The attacks of September the 11th, 2001 were merely the other side upping the ante. You might say, going all in.

Note this, and note it well: there are no valid extremes in this world except the fact that there are no valid extremes. Nothing is black and white, figuratievly speaking. So, stop declaring enemies vs. friends, terrorists vs. freedom fighters, good vs. evil.. take situations as they come, and seek out the balance of harmony, or as close as you can get to it.

This is the best history has implied that we can hope for. And many, like myself, are capable of showing that this is wholly sufficient in many ways. We don't need to answer everything, we don't need to prove anything, so much as we need to be able to live at peace with ourselves and our neighbors.

I am not religious, I am not a hippy, or anything like that. I am just a man speaking the voice of reason.

I am also a man with the courage to identify himself with his statements. Shame on the horde of cowards that have responded thus far.

p.s. Chris, I applaud your actions and hope to see this turn out well for both you and our government.

There was no reason for them to break into his home at 2 in the morning. Would a visit during the day not have been sufficient? This guy is obviously well intentioned, though a bit naive in action, and there is no reason for this level of attack on him.

This whole "war on terror" campaign is the biggest hoax EVER perpetuated on the American people (a lot like the ‘war on drugs’, actually). When the facts some day come out about the ISI-CIA connection to 9/11, Cheney’s Energy Task Force documents, Peak Oil, etc, etc, and enough people have become familiar with THE FACTS instead of watching Fox News maybe, just maybe, people will open their eyes a bit.

The fact is AMERICA is THE BIGGEST terrorist state: WE are the ones who funded Bin Laden and the Mujahideen; WE funded Saddam AND gave him WMD (and tried to conceal this from international inspectors by bombing them in place in Gulf War I, which should be considered a war crime because of the downwind effects on our troops and the Iraqis); WE killed 1.5 million Iraqis with sanctions; WE killed thousands in Afghanistan (who did nothing to us); WE killed an estimated 655,000 Iraqis to steal their oil via debt based PSAs (see alternet.org); WE are the only country to have used the atomic bomb in an act of aggression; WE funded hundreds of covert operations around the world to destabilize regimes (often democratic) because they were not in our "national interest"; WE spend more on “defense” (read offense) currently than the rest of the world combined; WE used WMD on Afghanistan and Iraq in the form of Depleted Uranium and White Phosphorus (see http://www.brusselstribunal.org/DU-Azzawi.htm and watch “Falluja The Hidden Massacre”), and these are just to name a few of our genocidal exploits.

People, try to understand this, the TSA is not trying to protect anyone. It is a political agency created for damage control and spin in the “war on terror” we created, we fund, we are making ever worse. Of course they don’t care if you can get past the gate or even onto a plane, if someone did and blew himself up it would just give us an excuse to attack Iran, and believe me the Neo Cons really want to.

Fuck America, when the dollar hegemony ends this country will die in its own pile of debt, our children will be paying off only the interest on our foreign debt with their taxes.

Chris, the only crime you committed is letting other Americans know the truth about the TSA: they don’t give a shit about you or me (their job is spin and fear-mongering).

No, that's a misconception. Killing people is just means to an end (if killing people was their goal they'd be doing a bad job, as an American you're still more likely to be killed by a LEO than by terrorists). That end is to scare people (that's why they're TERRORists), and boy does that work. We're afraid of ipods and toothpaste...

Tom makes a best case that can be made against the posting of this script. However he makes some fundamentally wrong assumptions in his analogy to computer security disclosure practices.

1. TSA is not Microsoft, not a software vendor, TSA is a huge, a 45,000 employee bureaucracy subordinate to DHS and under the regulatory control of the U.S.congress. TSA cannot be expected to respond quickly to public shaming in the form of proof of concept exploit.

This was apparently exposed first in Slate on February 2005!. We can quibble over the meaning of "respond quickly", but to me 20 months on a matter that is apparently of such concern to national security (so much so that a citizen has had his apartment broken into and searched by his government) is not "quick" by any stretch of the imagination.

Microsoft are very slow to respond to security reports and fix them. They're notorious. That's why the internet is full of botnets, DDoS, spam and other crap.

Microsoft employs about 61,000 people in over 100 different regions and they're still faster than the TSA in fixing problems. Sometimes when they've got really bad press they can do it in a month or two.2. People's lives are at stake. If someone runs a proof of concept exploit and attack s some vulnerability in windows 2000 servers, maybe some customers are denied service, maybe someone's credit card info is stolen. If a terrorist uses Chris's generator and boards a plane, people die.

People's lives are at stake in all sorts of situations due to computer security. As a trivial example patients could receive the wrong drugs or care regimens if databases were corrupted. It is for reasons like this that OSHA and other federal agencies have mandatory minimum security practices for software and data.Responsible disclosure effects everybody in all sorts of ways in out interconnected world.

Kennard P. Foster is a moron. Allowing the feds to do a "bust in at 2am gestapo" search for a grad student who exploited a long known vuln is simply horrible. A SENATOR commented on this vuln a few years ago. What stops me from taking a VALID E-TICKET and not printing the SSSS. Patching the security hole by raiding the home of the person who made a php script to exploit it is a tactic deserving of Saddam Hussein or Kim Jong-il

For those that keep asking for the source code... remember, it's easy to render this if you have a sample boarding pass to work with.

It'd probably be just as easy to create it yourself & post the code for everyone. How many people do you think they'd arrest / raid before they realized that ANYONE can do this and it's NOT HARD?

Let's say someone posts some new source code they created to do the exact same thing. Now, let's say 50 others published the script on their site and let people generate the passes. Do you think the FBI would raid 50 houses? I seriously doubt it. They're just trying to make an example of this. They've been bit and they're angry at looking like fools - they want revenge and they want to hurt the person that made them look like idiots.

I don't think you need to go to jail. And I'm almost sure that you will not go to jail or even serve any time. But you will feel the heat. It was dumb to post it on the net. But not dumb to expose it.Good work.Good luck at school.You need to work for Homeland Security.Ok guys hire this one.He seems smarter then a few that you have handing out Ideas at this time.

Alright I’ve heard enough. It seems like the only people here are tree hugging liberals and neo cons. Let the voice of reason speak. First off there is a huge security hole, thank you for pointing that out, I had not heard about it yet. However you are an idiot for the way you did it. To all the tree huggers defending his actions: Where will you be when the hole gets patched by requiring biometrics to board planes? That’s right bitching about big brother, so you are digging your own grave. As for the FBI what did you expect them to do? Lets say some nut job used to get past security and ended up hurting someone. That would have been on their conscious and yours but apparently you don’t have one. They don’t know you from Adam your just another nut job to them until they prove otherwise(Normal people don’t do this) They had to do their job plus if you tree huggers had read the search warrant it actually says to the agent “You are here by commanded to search” and its signed by a judge. You know that whole checks and balances thing, maybe you had a class on it in elementary school. Well I haven’t picked on the neo cons enough yet. You all are as dumb and stubborn as the tree huggers. Bush’s war on terror has only produced more terrorists, we will be and are worse off because of it. Twenty years from now I have no doubt that he will be judged as the worst president even beating LBJ. Chris you weren’t malicious in your intention just mind numbingly stupid. If I were you I try some remorse and stop poking the bear especially one with such long claws. Its sounds like they are being easy on you if you aren’t already in a jail cell.

You will be dragged through the muck for it. You will (and already have been) slandered, cursed, accused of crimes. You will be documented, files will be opened, your name will be added to lists. People you have never met will publicly question your love of country, family and God. You posessions have been taken, your freedom from fear destroyed, your persuit of happiness compromised. They have money, power, media access, the abilitly to turn your life into a nightmare.

But you have something they don't have. You have TRUTH. You didn't do anything wrong. They did. And they will bluster and posture and do anything they can to hide their incompetence and pin their mistakes on you.

You hold firm to your beliefs and stand by what you did and why you did it and there is nothing they can do except back down - and pay you lots of money in compensation for you mental pain and anguish.

well this is certainly the most interesting and frightening thing that could happen to me.

i think though that anonymizing tools in general are getting to be significantly useful and incredible, so that people will continue to speak their mind without these repercussions.

so no worries yet, except for this MAN himself and his new personal problems. but this just goes to show how important it is that we keep working on anonymizing networks and bring the tools to the mainstream."

I like the idea of anonymizing networks.. but just because they tic k the "anonymous" button, doesn't mean they really are, from a network point of view - they may be directly connecting.

On the other hand, someone can use a psuedonym - thus allowing their comments to be aggregated, and putting some sense of identity behind the person - while still connecting through an anonymizing service, thus having some degree of anonymity from a network point of view.

You will be dragged through the muck for it. You will (and already have been) slandered, cursed, accused of crimes. You will be documented, files will be opened, your name will be added to lists. People you have never met will publicly question your love of country, family and God. You posessions have been taken, your freedom from fear destroyed, your persuit of happiness compromised. They have money, power, media access, the abilitly to turn your life into a nightmare..."(snip)

I can think of a few other people throughout history who have undergone the same.. some that come to mind include:*Galileo*Darwin (to an extent)*Ghandi

You don't call attention to something by exploiting it independently like this. You should have known this was going to happen, and had a legal response at the ready, and the financial capital for your legal bills. I'm no fan of Bush, but I do not think allowing people (and no, not terrorists. they're not going to use your passes) including those with bad intentions, not just kids playing a game, the ability to print out fake boarding passes was a smart idea in the first place. You should have brought this to a newspaper or something, saying you were able to board a plane with a pass you made. Don't mass produce them. That's just inviting a S&S.

The amazing thing is, is that everyone wants to blame the FBI, TSA, the Federal Government, etc etc etc.

Please keep this in mind when you're bashing federal agencies; every action and/or tool that an agency takes or has at its disposal is either approved or forced by congressional law makers.

I've read comments about how they see a police state in the future, and the federal government is one the one helping terrorist by not focusing on the real problems and just wasting tax payers money. Well guess what, if federal agencies had the tools and authority it wanted, things may actually be less evasive.

Take for instance, security screening at airports. Several posters here have said it is a joke and is a waste of time and money. That their procedures are ridiculous. Well the reason is because the tools that the government could use are not allowed because of your wonderful ACLU. Items such as backscatter technology that could take full body imagery with needing to take off your shoes, jacket, etc. But oh no its too revealing, so instead guess what now you have to walk through a metal detector and take off your outer garments. This is just one example, I could go on and on with examples. So if you want to bitch about things bitch to your congress and protest the ACLU for forcing the federal government to use obtrusive and ridiculous tactics.

As for this issue, I agree exposing security flaws is the responsibility of all americans citizens who actually care about our survival. But there is a difference between exposing a security flaw and providing the means and tools for a would-be terrorists or other criminal to actually exploit that vulnerability.

Here is an example: Imagine you are at a major art museum and you discover that one of the windows is not equipped with security sensors, therefore impossible for tampering to be detected when the museum is closed. What do you do? Do you tell museum security or do place create a web site that points out this vulnerability and then also post the alarm code. Kind of a big difference. It is the difference between being a good samaritan with great intentions and a enabler for criminals.

Why do these assholes from the FBI and all other police-like outfits have to destroy a person's home when they are acting on a search warrant. I mean they secure the location, they have the guns, they have the power, so WHY the fuck can't they simply respect their fellow citizens and search a place with destroying it? What is it with these psychopaths we pay to "protect" us? The entity known as the "government" is truly the worst kind of terrorist there is. Why? Because it can and does destroy lives at whim in so many ways that a religious fanatic could only dream about.

In a way I'm glad you did this to show the system is not working as it should.

However, you should have realized (and should have from the beginning) that you could face criminal charges, since it is common sense that doing what you did is a criminal offense.

Someone states basically that anyone smart enough would realize you did this with good intentions. He's an idiot. We don't know you; the truth, you could be a terrorist--a not-too-smart one, if that were the case.

I live in the same house as someone who was arrested. the police attained a search warrant for probable cause for this person, and went through her room and my room. are they allowed to charge me with the things they found in my room?

It is more likely that your computers would just mysteriously "Stop working" one day because your hard drives were replaced with fake ones while you were gone. So the FBI could investigate you covertly and have the evidence already in hand when they decided to indict you. Then, you find the arrest warrent when you answer the door.

As long as you're innocent you have my every sympathy. Let me tell you about my experience I had with the police recently. I’m 29 years old and a single parent to my 8 year old daughter. I work part time for a charitable organisation, study British Sign Language part time and go to church most Sundays. This is of no interest to the police as I found out on 20th July 2007 at 7am when they broke my front door down! A search warrant was issued on 29th June 2007 and signed by Justice of the Peace! I’d love to know who has informed the police that I allegedly have counterfeit money on my property. And yes, I have made a complaint to the senior management at West Midlands Police because firstly they were given information/evidence from unreliable sources and secondly the whole thing scared the hell out of me and my child! I'm glad we'd had the chance to get out of bed 10 minutes earlier and wake up a little bit before the whole scene unravelled before our eyes. Luckily my dad retired from the police force a few years ago after 30 years service, so he’s helping me with police jargon. I had to take 1 + 1/2 days compassionate leave from work just to get my front door repaired (it’s still completely knackered!). Shall I tell you what I was doing on 29th June 2007? I was preparing for a tap dance exam for the following afternoon. Which part of my life story makes me sound like I’ve been breaking the law? Hmmm. Welcome to Birmingham, UK! Let’s hope the police force can get their facts right the other 364 days - whichever country they are in!

Christopher Soghoian, Ph.D. is a Washington, DC based privacy and security researcher. He is the Principal Technologist in the Speech, Privacy and Technology Project at the American Civil Liberties Union.